Digital Transactions Authoritative, insightful and timely information for payments professionals
July was a month of mixed news on the online-fraud front, as the number of unique reports of phishing attacks dropped 17% from June, to 23,670, but the population of Web sites hosting attacks ballooned 41%, to a record 14,191, according to the latest numbers from the Anti-Phishing Working Group, which tracks the crime. Though the number of reported attacks fell, it was still second only to the record high registered in June, says the group, a consortium of transaction processors, banks, online retailers, software firms, and law-enforcement agencies. Meanwhile, the number of sites represents an increase of more than 2,000 over the previous record, set in May. The fraudsters are also targeting more brand names. The APWG reports the number of brands hijacked in phishing schemes in July jumped to 154, also the most the group has recorded since it began monitoring the trend in 2003. The old high was 137, set in May, while in June the number had fallen to 130. Financial-services companies still account for by far the most brands appropriated by phishers, finding their names and logos used in better than 90% of attacks. The APWG reports better news on the malware front. The number of unique applications of malicious code, which online fraudsters use to grab PINs, passwords, and other data as victims enter them, fell to 182, down from 212 in June and from the record 215 found in May. Meanwhile, the number of unique Web sites hosting malware plunged to 1,850, from a record 2,945 in June. The APWG monitors phishing via reports from both the public and researchers. It counts as a unique report one that refers to a phishing campaign featuring e-mail messages with the same subject line. A single report may refer to tens of thousands of messages. It counts unique phishing sites by reference to a unique base URL. The increase in phishing attacks?in which fraudsters use e-mail messages featuring faked logos of trusted brands to induce recipients to give up key information?has caused online banking and retailing experts to fear that the fraud could weaken consumer confidence in the Internet as a transaction channel. It has also in part led to recent moves, such as a federal guidance pushing banks to adopt strong authentication, to shore up online defenses.
